Rolling Meadows, Illinois, USA (14 November 2012) - ISACA, a nonprofit association serving 100,000 IT professionals globally, has conducted a survey of more than 4,500 of its members from 83 countries, including 980 members in Europe. Results of the European edition of the IT Risk/Reward Barometer show slowly growing acceptance of “bring your own device” (BYOD) in the workplace, with 28% of organisations freely allowing the use of personal mobile devices for work, compared with 34% in North America and 48% in Oceania. However, there has been a 20-percentage-point drop in enterprises that prohibit BYOD (down from 58% to 30%).
More than half (54%) of IT professionals in Europe continue to report that the risk of BYOD outweighs the benefit, compared to 15% who say benefits are greater than risk and 31% who say that benefits and risk are balanced. Yet, despite the risk, 26% of enterprises still do not have a security policy in place that addresses BYOD.
To help control BYOD risk, enterprises in Europe say they have:
- Encryption (48%)
- Password management system (44%)
- Remote wipe capabilities (37%)
“Enterprises in Europe are starting to follow the global trend of employees using their own devices, and are blurring the lines between work and personal activities. Personally owned PCs or mobile devices—typically more difficult to secure than work-issued devices—can increase the risk of data breaches, viruses or malware. Controls and policies need to be enforced with employee training and safeguards to protect enterprises and their employees,” said Ramsés Gallego, CISM, CGEIT, CISSP, SCPM, CCSK, security strategist and evangelist at Quest Software, a Dell Company, and ISACA international vice president.
The survey also shows that companies in Europe are increasingly allowing employees to use their work device for personal activities. Nearly 67% of enterprises allow employees to access social networking sites from a work device (34% of those impose some limitations), and 73% allow employees to shop online using a work-supplied device (38% freely allow it and 35% have some limitations).
Employee activities that ISACA members identify as high risk are storing work passwords on personal devices (80% say it poses a high risk to the enterprise) and using online file-sharing services like Google Docs or Dropbox for work documents without the company’s permission (71%). More than half (63%) of organisations prohibit using a file-sharing service for company documents.
12,000 Euros in lost productivity
On average, enterprises will lose 12,000 Euros in productivity due to an employee shopping online during work hours in November and December, say nearly a quarter of those surveyed. A quarter (26%) believe that employees will spend more than a full work day shopping online during work hours using a personal computer or smartphone, and 25% estimate they will spend more than a full day shopping from a work-supplied device.
View the full results.
About the 2012 IT Risk/Reward Barometer
The annual IT Risk/Reward Barometer helps gauge current attitudes and organizational behaviors related to the risk and reward associated with the blurring boundaries between personal and work devices (BYOD), cloud computing, and increased enterprise risk related to online employee behavior at peak seasonal times.
The study is based on September 2012 online polling of 4,512 ISACA members from 83 countries, including 980 members in Europe.
With more than 100,000 constituents in 180 countries, ISACA (www.isaca.org) is a leading global provider of knowledge, certifications, community, advocacy and education on information systems (IS) assurance and security, enterprise governance and management of IT, and IT-related risk and compliance. Founded in 1969, the nonprofit, independent ISACA hosts international conferences, publishes the ISACA Journal, and develops international IS auditing and control standards, which help its constituents ensure trust in, and value from, information systems. It also advances and attests IT skills and knowledge through the globally respected Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT) and Certified in Risk and Information Systems Control (CRISC) designations.
ISACA continually updates and expands the practical guidance and product family based on the COBIT framework. COBIT helps IT professionals and enterprise leaders fulfill their IT governance and management responsibilities, particularly in the areas of assurance, security, risk and control, and deliver value to the business.
Kristen Kessinger, +1.847.660.5512, firstname.lastname@example.org
Hannah Rafferty, Eskenzi PR, +44 207 183 2836, Hannah@eskenzipr.com